Aveva


Products by Aveva Sorted by Most Security Vulnerabilities since 2018

Aveva Edge: 14 vulnerabilities
Aveva Edge: 13 vulnerabilities
Aveva Pi Server: 3 vulnerabilities
Aveva Application Server: 1 vulnerability

By the Year

In 2026 there have been 10 vulnerabilities in Aveva products with an average score of 8.1 out of ten. In 2025, Aveva had 2 security vulnerabilities published, so 8 more vulnerabilities have already been reported in 2026 than in all of last year. The average CVE base score of the vulnerabilities in 2026 is also greater, by 0.42.




Year | Vulnerabilities | Average Score
2026 | 10 | 8.07
2025 | 2 | 7.65
2024 | 4 | 7.10
2023 | 12 | 7.78
2022 | 9 | 7.73
2021 | 7 | 7.54
2020 | 6 | 9.80
2019 | 3 | 8.70
2018 | 4 | 9.80

It may take a day or so for new Aveva vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Aveva Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-5387 Apr 15, 2026
ICS: Privilege Escalation via Simulator Instructor/Developer Abuse
The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privilege escalation with potential for modification of simulation parameters, training configuration, and training records.
CVE-2026-1507 Feb 10, 2026
Uncaught Exception in Core PI Services Allows Remote DoS (CVE-2026-1507)
The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services, resulting in a denial-of-service.
Pi Server
CVE-2026-1495 Feb 10, 2026
Event Log Reader Privilege Esc. to Leak Proxy Credentials
The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.
CVE-2025-64769 Jan 16, 2026
Unencrypted Channels in Process Optimization Allow MITM Attacks
The Process Optimization application suite leverages connection channels/protocols that by default are not encrypted and could become subject to hijacking or data leakage in certain man-in-the-middle or passive inspection scenarios.
CVE-2025-65117 Jan 16, 2026
ICS: Process Optimization Designer Auth OLE Embed Priv Esc
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.
CVE-2025-64729 Jan 16, 2026
Auth User Escalates Priv via Code Inject in Proc Opt Project Files
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to tamper with Process Optimization project files, embed code, and escalate their privileges to the identity of a victim user who subsequently interacts with the project files.
CVE-2025-65118 Jan 16, 2026
ICS: Process Optimization Service Code Injection Elevates Privilege to System
The vulnerability, if exploited, could allow an authenticated miscreant (OS Standard User) to trick Process Optimization services into loading arbitrary code and escalate privileges to OS System, potentially resulting in complete compromise of the Model Application Server.
CVE-2025-61943 Jan 16, 2026
Captive Historian Auth Bypass Allows SQL Server Admin Code Exec
The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Standard User) to tamper with queries in Captive Historian and achieve code execution under SQL Server administrative privileges, potentially resulting in complete compromise of the SQL Server.
CVE-2025-64691 Jan 16, 2026
ICS: Authenticated User Escalates Privileges via TCL Macro Tampering
The vulnerability, if exploited, could allow an authenticated miscreant (OS standard user) to tamper with TCL Macro scripts and escalate privileges to OS system, potentially resulting in complete compromise of the model application server.
CVE-2025-61937 Jan 16, 2026
taoimr RCE: Remote Code Execution under OS Privileges
The vulnerability, if exploited, could allow an unauthenticated miscreant to achieve remote code execution under OS system privileges of taoimr service, potentially resulting in complete compromise of the model application server.
CVE-2025-8386 Nov 14, 2025
Appian Help Files XSS via aaConfigTools Enables PrivEsc
The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that, when executed by a victim user, can result in horizontal or vertical escalation of privileges. The vulnerability can only be exploited during config-time operations within the IDE component of Application Server. Run-time components and operations are not affected.
Application Server
CVE-2025-9317 Nov 14, 2025
CVE-2025-9317: Edge Password Hash Bypass via Local File Access
The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.
Edge
CVE-2024-3467 Jun 12, 2024
AVEVA PI Asset Framework Client XML Import RCE via PI System Explorer
There is a vulnerability in AVEVA PI Asset Framework Client that could allow malicious code to execute on the PI System Explorer environment under the privileges of an interactive user that was socially engineered to import XML supplied by an attacker.
Pi Asset Framework Client
CVE-2023-6132 Feb 29, 2024
AVEVA Edge DLL Injection for Arbitrary Code Exec and Privilege Escalation
The vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge into loading an unsafe DLL.
Platform Common Services
Aveva Edge
CVE-2023-31274 Jan 18, 2024
Unauthenticated memory exhaustion DoS in AVEVA PI Server Message Subsystem
AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory, resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition.
Pi Server
CVE-2023-34348 Jan 18, 2024
AVEVA PI Server 2023/2018 SP3 P05 Remote DoS via Unauthenticated Crash
AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.
Pi Server
CVE-2021-42796 Dec 16, 2023
CVE-2021-42796: AVEVA Edge ExecuteCommand UAC arbitrary command exec
An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.
Edge
Aveva Edge
CVE-2021-42797 Dec 16, 2023
Unauth Path Traversal in AVEVA Edge Enables Windows Token Theft
Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior allows an unauthenticated user to steal the Windows access token of the user account configured for accessing external DB resources.
Edge
Aveva Edge
CVE-2021-42794 Dec 16, 2023
AVEVA Edge connection string port scanning vulnerability
An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The application allows a client to provide a malicious connection string that could allow an adversary to port scan the LAN, depending on the hosts' responses.
Edge
Aveva Edge
CVE-2023-33873 Nov 15, 2023
Windows local OS-authenticated privilege escalation to SYSTEM
This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine.
System Platform
Manufacturing Execution System
Mobile Operator
And others...
CVE-2023-34982 Nov 15, 2023
OS-Authenticated User can Delete System Files via External Control Vulnerability
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service.
System Platform
Manufacturing Execution System
Mobile Operator
And others...
CVE-2022-36969 Mar 29, 2023
AVEVA Edge 2020 SP2 Patch 0 XXE in LoadImportedLibraries - Info Disclosure
This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LoadImportedLibraries method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-17394.
Aveva Edge
Edge
CVE-2022-36970 Mar 29, 2023
AVEVA Edge 20.0: RCE via crafted APP file (SP2)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of APP files. Crafted data in an APP file can cause the application to execute arbitrary Visual Basic scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17370.
Aveva Edge
Edge
CVE-2022-28685 Mar 29, 2023
AVEVA Edge 2020 SP2 4201.2111.1802.0000: APP File Deserialization Remote Code Exec
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of APP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17212.
Aveva Edge
Edge
CVE-2022-28686 Mar 29, 2023
AVEVA Edge 2020 SP2 Patch 0 RCE via unsecured APP file loading
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17114.
Aveva Edge
CVE-2022-28687 Mar 29, 2023
AVEVA Edge 2020 SP2.Patch0 APP file lib load RCE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16257.
Aveva Edge
Edge
CVE-2022-28688 Mar 29, 2023
Remote Code Execution via APP Files before AVEVA Edge 2020 SP2 Patch 0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0 (4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17201.
Aveva Edge
Edge
CVE-2023-1256 Mar 16, 2023
AVEVA Plant SCADA & Telemetry Server Improper Auth Remote Data Leak
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states.
Telemetry Server
Aveva Plant Scada
CVE-2022-23854 Dec 23, 2022
Path Traversal in AVEVA InTouch Access Anywhere Web Component
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
Intouch Access Anywhere
CVE-2021-38410 Jul 27, 2022
AVEVA PCS Portal 4.5.2 DLL Hijacking via Uncontrolled Path
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control of one or more locations in the search path.
System Platform
Platform Common Services
Batch Management
And others...
CVE-2022-1467 May 23, 2022
Windows OS can be configured to overlay a language bar on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.
Plant Scada Access Anywhere
Intouch Access Anywhere
CVE-2022-0835 Apr 11, 2022
AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user.
System Platform
CVE-2021-32977 Apr 04, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not verify, or incorrectly verifies, the cryptographic signature for data.
System Platform
CVE-2021-32981 Apr 04, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
System Platform
CVE-2021-32985 Apr 04, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not properly verify that the source of data or communication is valid.
System Platform
CVE-2021-33008 Apr 04, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for functionality that requires a provable user identity.
System Platform
CVE-2021-33010 Apr 04, 2022
An exception is thrown from a function in AVEVA System Platform versions 2017 through 2020 R2 P01, but it is not caught, which may cause a denial-of-service condition.
System Platform
CVE-2021-32987 Sep 23, 2021
Null pointer dereference in SuiteLink server while processing command 0x0b.
Suitelink
CVE-2021-32959 Sep 23, 2021
Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06.
Suitelink
CVE-2021-32999 Sep 23, 2021
Improper handling of exceptional conditions in SuiteLink server while processing command 0x01.
Suitelink
CVE-2021-32979 Sep 23, 2021
Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a.
Suitelink
CVE-2021-32971 Sep 23, 2021
Null pointer dereference in SuiteLink server while processing command 0x07.
Suitelink
CVE-2021-32963 Sep 23, 2021
Null pointer dereference in SuiteLink server while processing commands 0x03/0x10.
Suitelink
CVE-2021-32942 Jun 09, 2021
The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.
Intouch 2017
Intouch 2020
CVE-2020-13499 Sep 24, 2020
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.
Edna Enterprise Data Historian
CVE-2020-13500 Sep 24, 2020
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.
Edna Enterprise Data Historian
CVE-2020-13501 Sep 24, 2020
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.
Edna Enterprise Data Historian
CVE-2020-13504 Sep 24, 2020
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
Edna Enterprise Data Historian
CVE-2020-13505 Sep 24, 2020
Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.
Edna Enterprise Data Historian
CVE-2019-13537 Jan 14, 2020
The IEC870IP driver for AVEVA's Vijeo Citect and Citect SCADA and Schneider Electric's Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).